<?php @session_start();?>
<?php
require_once('./safe.php');
require_once('../admin/config.php');
$conn = mysql_connect($cfg_dbhost,$cfg_dbuser,$cfg_dbpwd);
mysql_select_db($cfg_dbname,$conn);

$current_password=$_POST["current_password"];
$new_password=$_POST["new_password"];
$new_password_confirmation=$_POST["new_password_confirmation"];


if(empty($current_password)&&empty($new_password)&&empty($new_password_confirmation)){
echo "<script language=JavaScript>\r\n";
echo "alert('The field is required.!');\r\n";
echo "location.href='/dashboard/settings.php'\r\n";
echo "</script>";
exit;
}
if($new_password!==$new_password_confirmation){
echo "<script language=JavaScript>\r\n";
echo "alert('The new password confirmation does not match.');\r\n";
echo "location.href='/dashboard/settings.php'\r\n";
echo "</script>";
exit;
}
$sqla="select * from ph_user where id='".$_SESSION["userid"]."' and user_pass='".$current_password."'";
$resulta=mysql_query($sqla);
if(mysql_num_rows($resulta)<1){
echo "<script language=JavaScript>\r\n";
echo "alert('The password entered doesn\'t match your current one.');\r\n";
echo "location.href='/dashboard/settings.php'\r\n";
echo "</script>";
exit;
}
$sql = "update ph_user set user_pass='".$new_password."' where id='".$_SESSION["userid"]."'";
mysql_query($sql,$conn);
echo "<script language=JavaScript>\r\n";
echo "alert('Successfully saved your New Password.');\r\n";
echo "location.href='/dashboard/settings.php'\r\n";
echo "</script>";






?>